From be995ba9a9dee4db2b6c02dbc1efe624702c272c Mon Sep 17 00:00:00 2001
From: pe3zx <pe3zx@users.noreply.github.com>
Date: Thu, 29 Mar 2018 23:36:10 +0700
Subject: [PATCH] [Tools][Windows] eladshamir/Internal-Monologue

---
 README.md | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/README.md b/README.md
index e132eb0..adb1d8e 100644
--- a/README.md
+++ b/README.md
@@ -1600,6 +1600,10 @@ My curated list of awesome links, resources and tools
         <td><a href="https://github.com/DanMcInerney/icebreaker">DanMcInerney/icebreaker</a></td>
         <td>Gets plaintext Active Directory credentials if you're on the internal network but outside the AD environment</td>
     </tr>
+    <tr>
+        <td><a href="https://github.com/eladshamir/Internal-Monologue">eladshamir/Internal-Monologue</a></td>
+        <td>Internal Monologue Attack: Retrieving NTLM Hashes without Touching LSASS</td>
+    </tr>
     <tr>
         <td><a href="https://github.com/google/sandbox-attacksurface-analysis-tools">google/sandbox-attacksurface-analysis-tools</a></td>
         <td>This is a small suite of tools to test various properties of sandboxes on Windows. Many of the checking tools take a -p flag which is used to specify the PID of a sandboxed process. The tool will impersonate the token of that process and determine what access is allowed from that location. Also it's recommended to run these tools as an administrator or local system to ensure the system can be appropriately enumerated.</td>